NSA likely targets anybody who's 'Tor-curious'

Whether you're a regular user of Web privacy tools like Tor and Tails, or you've just checked out their websites, the NSA could be tracking your online movements, a new investigation reveals.

Seth Rosenblatt Former Senior Writer / News

Screenshot from German report on X-Keyscore. Screenshot by Seth Rosenblatt/CNET

Use of common Web privacy tools or even mere curiosity about them could get you added to a National Security Agency watch list, according to a new report.

The NSA surveillance program called X-Keyscore, first revealed last summer in documents leaked by Edward Snowden, has been found to contain selection rules that potentially add to an NSA watch list anybody who has used, or even just visited the websites of, online privacy-protection tools such as the Tor Network for anonymous Web browsing and the Linux-based Tails operating system. Snowden's X-Keyscore files indicated that it allowed NSA employees to obtain a person's phone number or email address, view the content of email, and observe full Internet activity including browsing history without a warrant.

An analysis of X-Keyscore's source code (text only) indicates that the program has targeted a German student who runs a Tor node, and can add to the NSA's surveillance lists anybody who uses popular Internet privacy tools such as Tor. The reports were prepared by reporters for the German public television broadcasters NDR and WDR, and people employed by and volunteering for Tor, who said that "former NSA employees and experts are convinced that the same code or similar code is still in use today."

Primarily funded by the US government, the Tor network anonymizes Internet traffic by relaying the communication through a series of encrypted, anonymizing hubs called nodes. It's often used by reporters and activists, and it was estimated in 2012 that 50,000 to 60,000 Iranians use the service daily.

Tails is a variant of the Linux operating system that can be launched from a USB key and comes with Tor and other common tools pre-configured with privacy settings. Each time it boots, it automatically wipes everything that isn't saved elsewhere. Tails is described in the X-Keyscore source code as "a comsec mechanism advocated by extremists on extremist forums."

The Electronic Frontier Foundation cautioned people to not abandon the services just because the NSA was spying on them.

"The more ordinary people use Tor and Tails, the harder it is for the NSA to make the case that reading about or using these tools is de facto suspicious," wrote EFF staffers.

The new X-Keyscore surveillance revelations are worrying because of the apparent breadth of their reach.

"This isn't just metadata; this is 'full take' content that's stored forever," security expert Bruce Schneier said on his blog. "It's possible," he wrote, that anyone reading that blog post of his "is currently being monitored by the NSA" because it contained a link to torproject.org.

A rule in the source code shows that X-Keyscore is keeping track of all visitors to torproject.org, according to the NDR report.

Author and privacy advocate Cory Doctorow, who was briefed in advance of the German report, said that an expert he consulted indicated that the source for the X-Keyscore code may not have been Edward Snowden.

"The existence of a potential second source means that Snowden may have inspired some of his former colleagues to take a long, hard look at the agency's cavalier attitude to the law and decency," he said.